The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.